After more digging...
The CAS 5.0.0.RC3 login page is rendered with a hidden link to the CAS
client.
If I unhide the link in Chrome and click it, I get...

org.springframework.webflow.engine.NoMatchingTransitionException: No transition was matched on the event(s) signaled by the [1] action(s) that executed in this action state 'clientAction' of flow 'login'; transitions must be defined to handle action result outcomes -- possible flow configuration error? Note: the eventIds signaled were: 'array['stopWebflow']', while the supported set of transitional criteria for this action state is 'array[success, error, stop]'
    at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:130)
    at org.springframework.webflow.engine.State.enter(State.java:194)
    at org.springframework.webflow.engine.Flow.start(Flow.java:527)
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368)
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223)
    at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy166.launchExecution(Unknown Source)
    at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apereo.cas.web.support.CurrentCredentialsAndAuthenticationClearingFilter.doFilter(CurrentCredentialsAndAuthenticationClearingFilter.java:28)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:105)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:89)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:107)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

On Wednesday, 26 October 2016 12:46:06 UTC+1, Lewis Henderson wrote:
>
>
> <https://lh3.googleusercontent.com/-QcH_7bOluxY/WBCUhJyxFtI/AAAAAAAACf8/HO8ogx7fGbQ8zVmN8G2iUln8gbyhypKNgCLcB/s1600/OAuth2.png>
> Here is my attempt at a diagram!
>
> I am in control of everything inside the red box.
>
> What I have :-
>
> 1. User hits MyApp url and is redirected to CAS 5.0.0, which shows my
> login screen.
> 2. User logs in Ok.
> 3. User redirected back to MyApp Ok.
>
> What I need to do :-
>
> 1. User hits MyApp url and is redirected to CAS 4.x to show 3rd Party
> login screen.
> 2. User logs in.
> 3. User redirected back to MyApp.
>
> The reason for this setup is that I need to use the 3rd party CAS server
> if there is one, else use my own.
> Everything inside the red box is secured by OAuth2.
>
> I have added the cas-server-support-pac4j-webflow dependency and
> configured the cas.authn.pac4j.cas.loginUrl to point to the CAS 4.x
> server's /login url and set the protocol to CAS30.
>
> I do not get redirected to the CAS 4.x server for login. Am I
> misunderstanding something or should this work?
>
>
> Cheers
>
>
> On Monday, 24 October 2016 14:03:10 UTC+1, Lewis Henderson wrote:
>>
>> Martin,
>>
>> Yes, I think your diagram shows it well.
>>
>> What I would eventually like is to have the OAuth network protected by a
>> CAS server.
>>
>> The CAS server can be configured to provide Authentication itself as is
>> the default or, as in this case, delegate authentication to another CAS
>> server, using its UI etc.
>>
>> What configuration is required to do the delegation in this case?
>>
>> I have added the cas-server-support-pac4j-webflow dependency and set the
>> cas.server.authn.pac4j.cas.loginUrl and protocol. What else, if anything is
>> required?
>>
>> I currently get the redirect but on successful authentication, the
>> redirect back to my CAS server fails.
>>
>> I am not in the office at the moment, but will post the issue when I
>> return....
>>
>>
>> Cheers!
>>
>> On Monday, 24 October 2016 13:30:11 UTC+1, Martin Bohun wrote:
>>>
>>> Hi Lewis,
>>>
>>> This is just a confirmation question, are you trying to delegate/forward
>>> auth request from one cas server to another cas server?
>>> As shown in the following diagram (right-bottom corner):
>>>
>>>
>>> <https://raw.githubusercontent.com/mbohun/mbohun_graph-experiments/master/jasig-cas-upgrade/ala-cas-upgrade-01.png>
>>>
>>>
>>>
>>> https://github.com/mbohun/mbohun_graph-experiments/blob/master/jasig-cas-upgrade/ala-cas-upgrade-01.png
>>>
>>> Well, if yes, then the answer is (too) *yes* I did test that setup and
>>> it works fine.
>>>
>>> cheers,
>>>
>>> martin
>>>
>>> On Sunday, October 23, 2016 at 5:55:52 AM UTC+11, Lewis Henderson wrote:
>>>>
>>>> All,
>>>>
>>>> I have a requirement to 'chain' two CAS servers.
>>>>
>>>> My issue is that I am integrating with a third party that use a CAS
>>>> server that I have no control over.
>>>>
>>>> I would like to use CAS as the security server into an OAuth2
>>>> micro-service network (CAS as OAuth2 Server) but redirect login to the 3rd
>>>> Party CAS server.
>>>>
>>>> I have looked through the code and it seems as though if I manage to
>>>> get it configured, it will show my login screen but with a link to the
>>>> configured delegate server.
>>>>
>>>> Two questions :-
>>>>
>>>>
>>>> 1. How do I configure this on my CAS server?
>>>> 2. If there is only one provider, would it be possible to redirect
>>>> there directly, showing their login screen without the need to show
>>>> mine?
>>>> The reason for this is that theirs is branded with their logos etc...
>>>>
>>>>
>>>> Cheers
>>>>
>>>>
>>>>